Giving BOBJ access to SAP User IDs

Hi,
We have implemented SAP BI with Integration to BOXI 3.1.
We want to decide on access strategy on BOBJ.
We have noticed that once SAP Users log in to BOBJ they start appearing in BO user list as <SID>~<CLNT>/UserName
We are also able to assign BO access rights to these user IDs.
I want to know if there are any drawbacks in using the above approach for assigning BO permissions.  
Please let me know if there is any document with pros and cons for this approach or is it mandatory that we always assign permission using SAP Imported Roles
Thanks
Imtiaz

hello Raghu,
Thank you for your suggestion
I have a Premium "BusinessObjects Enterprise Premium Version  License Key Information ".The expiry is on 2010.
In the authentication there are the following option
1)Entitlement Systems  2)  Role Import   3) SNC Settings   4) Options 
I do not find any license option in any of these tabs.
Kindly let me know as i am not getting errors .All the roles are visible but not the users.
Thanks and Regards,
Jacob

Similar Messages

  • How to access unread mails of all users in Exchange server without having Passwords and without giving mailbox access to other user.

    Hi all,
       I am using Exchange server 2013, my task is to create
    Service , that
    need's to  monitor continuously for new mails of all Mailboxes in
    my server. if any user got new mail i need to get that Mail Subject, Mail Body, Sender Email Address [From emailId] .  
    Limitation
    : I don't have Passwords of mailboxes , so i gave all mailbox access permission  to one user , then i completed this   service using below code.
     But now, Client
    not willing to give Mailbox Permissions to one user because of security problems.
    How can i do this without passwords and without giving permissions to other user ?
    i don't want all mailbox access , i just need only
    access Mail Subject , Body and Sender mail address .
    How can i achieve
    this ?
    Process i follow
    => I created new user in server , and then i gave full permissions of all Mailboxes to newly created user[ex: james] in database level.
         i use below command for giving permissions in database level.
    Get-MailboxDatabase -Identity <Database Name> | Add-ADPermission -User <User> -AccessRights GenericAll
     => using below code i am searching unread mails of all user Mailboxes and then getting Subject, body and Sender Email            address . here i am have list of users,
    ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013);
    service.Credentials = new WebCredentials("[email protected]", "password");
    service.AutodiscoverUrl("[email protected]");  foreach (Object obj in usersList) // here i have Mailbox users list in usersList
                 { var userMailbox = new Mailbox(obj.user);
    var folderId = new FolderId(WellKnownFolderName.Inbox, userMailbox);
    SearchFilter.IsEqualTo filter1 = new SearchFilter.IsEqualTo(EmailMessageSchema.IsRead, false);
    var itemView = new ItemView(50);
    var userItems = service.FindItems(folderId, filter1, itemView);
    foreach (var item in userItems)
    item.Load();
    var senderEmail = ((EmailMessage)item).From;
    var subject = item.Subject;
    var body = item.Body;

    You would need to check that possibilities via WebServices but suggest you to post this in Development forum to get help from programmers....
    http://social.technet.microsoft.com/Forums/office/en-US/home?forum=exchangesvrdevelopment
    Blog |
    Get Your Exchange Powershell Tip of the Day from here

  • ESS user ids and SAP Users ids accountability

    Dear All,
    Here at client place we some 50 professional user licenses for SAP r/3 and 200 ESS licenses. So here can we split same licenses into 150 ESS and 50 MSS, as well as when i am creating a system user at backend would be accountable against SAP professional licenses or its included in ESS licenses.
    Regards,
    Rajasekar

    no replys

  • Full Name SAP User ID

    Hello Experts,
    I have a list that contains first and last names of people.  I need to determine their SAP user IDs.  What is the easiest way using the system to determine this?
    Is there several methods?   IF so please list, I don't want unauthorized permissions to stop me from retrieving this data.
    THANK YOU!!

    Hi Lucas
    Go to transaction SE16 and type USER_ADDR . Give the list of first names and last names in the respecitive fields and execute.  The user field will give you the list of SAP user id's .
    Thanks
    Aparna

  • Two user IDs for the same person in SAP

    Hi Experts,
    The user has somehow got the Approval from the management to get Two USer ID In SAP CRM. Now requested for Access.
    As per the Best Practice, One user should have only one SAP USER ID.
    Since the User is a Managaer in Sales, we have assigned the Sales Business role, If he wants a Sales pro business role that can also be assigned. He has requested for Two seperate user ID in SAP.
    I want to restrict him, and let the business know what would be the implications and causes.
    Can some one help with the Disadvantages of having 2 user id for same user. So that we can let Business know about the implications and consequences it will create.
    Please help with your view !!!!
    Regards,
    karthik J
    Edited by: Julius Bussche on Mar 10, 2012 1:34 PM
    CAPS-LOCK removed...

    Disadvantage.
    1. Secure login for linking of SAP ID between your windows network id and SAP ID.
    2. If allowed for two user ids in CRM system then he needs the same in ECC system also.
    3. Trouble shooting issue in future.
    Please note that, its all depend on the users justification and the requirement of the business.
    Regards,
    Shrinivasan. KV

  • Whats the functional difference between user IDs SAP* and DDIC?

    Whats the functional difference between SAP* and DDIC? Can any one tell me please. I am new here. Thanks in advance.

    Hi Farooq,
    There are three user IDs in various SAP clients.
    1. SAP* (Client 000 and 001)
    SAP* denotes the default super user and has all administrative powers.
    2. DDIC (Client 000 and 001)
    DDIC user is responsible for the maintenance of the ABAP/4 Dictionary and the software logistics.
    3. EarlyWatch (Client 066)
    The EarlyWatch user has access only to monitoring and performance data.
    Please check this link for more information on data dictionary objects.
    http://help.sap.com/saphelp_webas620/helpdata/en/cf/21ea31446011d189700000e8322d00/content.htm
    Hope this will help.
    Regards,
    Ferry Lianto

  • How to let SAP user use SSO to access Application in DMZ?

    Hi All,
    Our J2EE application is running on a system in DMZ which can not be connected with LDAP. So I am wondering if it's possible to let SAP user use SSO to access our application.
    After talking with my colleague I think the only way is to import SSO public key to our WebAS and create user in UME and then assign user to the corresponding public key, but anybody know where to download SSP verification file or is it allowed to download and import into another system at all?
    Regards,
    Bin

    Hi,
    Take a look at this example, it uses property nodes to select tha
    active plot and then changes the color of that plot.
    If you want to make the number of plots dynamic you could use a for
    loop and an array of color boxes.
    I hope this helps.
    Regards,
    Juan Carlos
    N.I.
    Attachments:
    Changing_plot_color.vi ‏38 KB

  • SAP users identification - rename SAP Ids

    Dear all,
    We have a project to change the codification of our SAP users.
    We will use the AD ids as SAP users instead of the current codification.
    We will copy the current user to a new one and close the current.
    After this operation, all the users will lost their layout variants, their user-settings ...
    Do you know if it is possible to transfer all the user-specific objects to the new user ?
    Do you know if a program exists to list all the program where the SAP user is used ?
    thanks for you help.
    Kind regards
    Véronique

    Dear Lynn,
    We were in SAP ECC 6.0
    We created a specific program to recreate  old users to new users based on an input file.
    We didn't rename the user to keep the old user and keep the possibility to check the complete settings of this user.
    We deleted the old user one year after.
    With the specific program :
    1/ we created the new user
    2/ we copied some settings : layout variant, workflow settings, user settings, power list settings (linked to SAP EP)
    we have the possibility to close the old user (lock and validity date) but we did it after in a second step
    I hope it is clear
    thanks
    regards

  • HT204053 Using multi-user IDS and passwords to access the apps website is turning me into an Apple hater, frankly. Am I alone in the crowd of users?

    Ihave abouy 4-5 different user IDS and passwords that I have to juggle to get access to the Apps store. Almost every time I try to get an update, etc., I have to go through the routine of either changing both user ID and password, or just the password. I am a long-time Apple customer but have drifted as far as possible from using Apple updates and purchases. It's just not worth the time, exasperation and energy involved. I can understand that Apple doesn't want to have varied IDs wrapped into a single ID, but it would be helpful if Apple took the time to delete all but one user ID, upon the request of an Apple customer, instead of spending so much time issuing yet another iPad and iPhone. At least, have mercy on some of Apple customers who are still buying snd using laptops and desk tops. HELP!!!

    I'm not sure how you came to have so many Apple IDs, but I'd suggest that you simplify things.
    I just checked the "Apple ID Support" page:
    http://www.apple.com/support/appleid/
    as I imagine you have, too, and I find no instructions for closing or deleting an Apple ID, but you could simplify things quite a bit by using only one Apple ID on all of your devices.
    It will take a bit of time, but I think you'll find that it's worth it.
    If I were you, I would just delete all purchased apps (if you've purchased music, that's a whole different issue - but you could probably simplify your music purchases, too) from all devices accept one - your most "important" device -  and log out from all other devices. Then log in from those other devices using your preferred Apple ID, and reinstall the apps and other stuff.
    It's going to be tedious, and it'll take some time, but I think you'll have a much better experience over the long term.
    For one thing, you'd always be notified automatically to update/upgrade your stuff, and your log-ins to do so would be much easier.
    I know it's not good news, but I hope it helps.

  • Giving Access for an User On One Schema.

    Hi all,
    I want to give read,write and execute access for an user in one schema and only read access to another two users.
    How can I give..Please suggest.

    Hi,
    Well in that case you may have to give the select privilege to a particular user for all tables.
    Or
    You may like to create two roles, and give select privilege to a particular role for all tables. And give write i.e. insert/update privilege to the other role. Then assign this role to the user whom you like to give the access.
    Regards
    Anurag Tibrewal.

  • Automatic Creation of User IDs

    Does anyone know of a standard SAP report/program that will generate User IDs for personnel records? I have a requirement to define a procedure that will review personel numbers to determine whether or not that personel number has an ID assigned to it. If it does not, then the report/program will generate an ID according to a particular naming convention. And of course, this report/program would assign the correct roles according to the position defined.
    I know that there are reports/programs that will update a user's access as he/she moves from position to position. I am hoping for one that will assist in the ID creation process.
    Maybe this is wishfull thinking on my part....
    I await your reponses!

    Sounds like you want to implement your own ESS (Employee Self-Service) application ...
    Before doing so, it might be advisable to check on what is already available.
    The Business Partner concept is a more general concept (only only restricted to "employees" and "applicants" but also applicable on "customers", "resellers", etc.) which also allows to assign logon data to "business entities".
    So, it would be helpful to know what you actually intend to achieve.
    Cheers, Wolfgang

  • User IDs in adapters - XI Proxy, RFC

    Hi mates,
    I've created receiver adapters of type XI and RFC for an SAP R/3 business system. In these adapter parameters, what is the <b>ideal</b> user ID that needs to be specified? Should it be a service user id or dialog user id? What should be the optimal authorizations for it.
    At the moment, I've specified my own user id and the adapters are working successfully. But, I foresee an issue with this method as I would be required to change the password at regular intervals.
    What are the best practices regd the user ids in adapters? Please share your experiences.
    I appreciate your inputs.
    thx in adv
    praveen

    Hi Praveen,
    I would suggest the use of a user of type "Communications" and have SAP_ALL assigned....
    a user of type "Service" still has dialgo access whihc i donot think you would want...
    pls see the types of users and their help...
    User Type
    Dialog 'A'
    A normal dialog user is used by one person only for all types of logon.
    During a dialog logon, the system checks for expired and initial passwords and provides an option to change the password.
    Multiple dialog logons are checked and logged if necessary.
    System 'B'
    You use a user of type System for communication without dialog within one system (for RFC or CPIC service users) or for background processing within one system.
    Dialog logon is not possible.
    A user of this type is excluded from the general settings for password validity. Only the user administrator can change the password using transaction SU01 (Goto -> Change Password).
    Communication 'C'
    You use a user of type Communication for communication without dialog between systems (for RFC or CPIC service users for various applications, for example, ALE, Workflow, TMS, CUA).
    Dialog logon is not possible.
    Service 'S'
    A user of the type Service is a dialog user that is available to an anonymous, larger group of users. Generally, this type of user should only be assigned very restricted authorizations.
    For example, service users are used for anonymous system access via an ITS service. Once an individual has been authenticated, a session that started anonymously using a service user can be continued as a personal session using a dialog user.
    During logon, the system does not check for expired and initial passwords. Only the user administrator can change the password.
    Multiple logon is allowed.
    Reference 'L'
    Like the service user, a reference user is a general user, not assigned to a particular person. You cannot log on using a reference user. The reference user is only used to assign additional authorization. Reference users are implemented to equip Internet users with identical authorizations.
    On the Roles tab, you can specify a reference user for additional rights for dialog users. Generally, the application controls the allocation of reference users. You can allocate the name of the reference user using variables. The variables should begin with "$". You assign variables to reference users in transaction SU_REFUSERVARIABLE.
    This assignment applies to all systems in a CUA landscape. If the assigned reference user does not exist in one of the CUA child systems, the assignment is ignored.
    Thanks,
    Renjith.

  • Is there a way to know who are accessing our SAP instances.

    Hello Friends,
    We have 2 servers (one for ERP and another for XI). Is there a way to know who are all accessing our servers from outside ?
    Also, which are user IDs other than SAP* and j2ee_admin that has admin rights for which we have to change the password once a consultant leaves the company.
    Your suggestions and recommendations will be highly appreciated.
    Thanks
    Ram

    Hi Ram,
    We have 2 servers (one for ERP and another for XI). Is there a way to know who are all accessing our servers from outside ?
    SMGW --> Goto --> Logged on Clients
    Also, which are user IDs other than SAP* and j2ee_admin that has admin rights for which we have to change the password once a consultant leaves the company.
    SUIM --> User --> By Critical Combinations of Authorizations at Transaction Start
    Hope this will help.
    -Pinkle

  • Usage of SAP* user in OOSB

    Hi Gurus,
    I'll be implementing Structural Authorization for my current project.
    I received requirement to restrict ESS and MSS display access specific to Qualification/Qualification Group (by object ID).
    General Authorization cannot specify the restriction by Object ID, thus I'm considering to restrict it using authorization profiles.
    Restriction for MSS view has successfully tested since MSS users will be assigned with MSS Authorization Profile in OOSB. The issue that I'm facing at the moment is how to apply the same restriction to ESS without assigning ESS IDs in OOSB - approximately 40K ESS users; will it impact the system performance anyway?
    If I were to use similar authorization profile defined in OOSP as per MSS, the only way to make it effective for all ESS users without assigning PD profile to each ESS ID in OOSB is by using SAP* - this is based on my understanding referring to notes that I found as attached below. I plan to customize authorization profile specific for ESS users and assign it to SAP* - still in test stage.
    Here are the statement that I'm referring to from the notes mentioned above:
                  " What happens if the table doesnu2019t contain entries for a specific user? In that case, the authorization check uses the
                    entry of the SAP* user. So, the profile stored for this user is applicable if an entry has been left out."
    Please correct me if I'm wrong and appreciate your advice on this matter. Million thanks

    Hi,
    In this scenerio you can activate Context based structural authorizations where the Auth profiles are not assigned to User Ids directly but assigned via Custom roles using authorization objects P_ORGINCON (HR: Master data with Context) and P_ORGXXCON (HR: Master data- Extended Check with Context).
    Authorization objects P_ORGINCON and P_ORGXXCON consists of the same fields as to P_ORGIN and P_ORGXX respectively and has been expanded to include the PROFL field. The PROFL field is used to determine which structural profile the user is authorized to access (as per table T77UA - User Authorizations = Assignment of Profile to User).
    Additionally,I f you have requirements that cannot be mapped using the P_ORGINCON and P_ORGXXCON authorization objects (for example, because you want to build your authorization checks on additional fields of the Organizational Assignment infotype 0001 that are customer-specific) and if you want to implement the context solution, you can include an authorization object- P_NNNNNCON (HR Master Data: Customer-Specific Authorization Object with Context) in the authorization checks yourself.
    Please note following switches have to be activated for Context based Structural authorization in table T77S0 (tcode- OOAC)
    AUTSW INCON (HR Master Data (Context))- Authorization Main Switch that controls whether the P_ORGINCON authorization object should be used in the authorization check.
    AUTSW XXCON (HR Master Data: Extended Check (Context))- Authorization Main Switch that controls whether the P_ORGXXCON authorization object should be used in the authorization check.
    AUTSW NNCON (Customer Authorization Object (Context))- Authorization Main Switch that controls whether the P_NNNNNCON customer-specific authorization object should be used in the authorization check.
    Hope this is helpful!
    Thanks
    Sandipan

  • How to Send SAP User to Spool Job instead of SAPService SID

    Dear Gurus,
    I have to print data using access method C (or L) via print server that runs on win 2008.
    SAP AS runs on win 2003.
    It works fine, but user which appears in print job is SAPService<SID>. We need here sap user who actually initiated printing. It can be obtained easily by chaning access method to G. However, this solution is not acceptable.
    Thank you in advance,
    Nenad

    Problem solved on OS level by introducing anonymous log on.
    Cheers.

Maybe you are looking for